package eu.emi.security.authn.x509.impl;

import eu.emi.security.authn.x509.helpers.AbstractX509Credential;
import eu.emi.security.authn.x509.helpers.CertificateHelpers;
import eu.emi.security.authn.x509.helpers.KeyStoreHelper;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Enumeration;

/* loaded from: input_file:eu/emi/security/authn/x509/impl/KeystoreCredential.class */
public class KeystoreCredential extends AbstractX509Credential {
    public KeystoreCredential(String str, char[] cArr, char[] cArr2, String str2, String str3) throws IOException, KeyStoreException {
        KeyStore loadKeystore = loadKeystore(str, cArr, str3);
        createSingleKeyView(loadKeystore, checkKeystore(loadKeystore, cArr2, str2), cArr2);
    }

    protected KeyStore loadKeystore(String str, char[] cArr, String str2) throws KeyStoreException, IOException {
        KeyStore keyStoreHelper = KeyStoreHelper.getInstance(str2);
        BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(new File(str)));
        try {
            try {
                keyStoreHelper.load(bufferedInputStream, cArr);
                bufferedInputStream.close();
                return keyStoreHelper;
            } catch (NoSuchAlgorithmException e) {
                throw new KeyStoreException("Keystore has contents using an unsupported algorithm", e);
            } catch (CertificateException e2) {
                throw new KeyStoreException("Keystore certificate is invalid", e2);
            }
        } catch (Throwable th) {
            bufferedInputStream.close();
            throw th;
        }
    }

    protected String checkKeystore(KeyStore keyStore, char[] cArr, String str) throws KeyStoreException {
        if (str == null) {
            try {
                str = getDefaultKeyAlias(keyStore);
            } catch (InvalidKeyException e) {
                throw new KeyStoreException("Key and certificate in the keystore are not matching", e);
            } catch (NoSuchAlgorithmException e2) {
                throw new KeyStoreException("Key is encrypted or uses an unsupported algorithm", e2);
            } catch (UnrecoverableKeyException e3) {
                throw new KeyStoreException("Key's password seems to be incorrect", e3);
            }
        }
        if (!keyStore.containsAlias(str)) {
            throw new KeyStoreException("Key alias >" + str + "< does not exist in the keystore");
        }
        Key key = keyStore.getKey(str, cArr);
        if (key == null) {
            throw new KeyStoreException("Key alias >" + str + "< is not an alias of a key entry, but an alias of a certificate entry");
        }
        if (!(key instanceof PrivateKey)) {
            throw new KeyStoreException("Key under the alias >" + str + "< is not a PrivateKey but " + key.getClass().getName());
        }
        Certificate certificate = keyStore.getCertificate(str);
        if (certificate == null) {
            throw new KeyStoreException("There is no certificate associated with the key under the alias >" + str + "<");
        }
        CertificateHelpers.checkKeysMatching((PrivateKey) key, certificate.getPublicKey());
        return str;
    }

    protected String getDefaultKeyAlias(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        String str = null;
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isKeyEntry(nextElement)) {
                if (str != null) {
                    throw new KeyStoreException("Key alias was not provided and the keystore contains more then one key entry: " + nextElement + " and " + str);
                }
                str = nextElement;
            }
        }
        if (str == null) {
            throw new KeyStoreException("The keystore doesn't contain any key entry");
        }
        return str;
    }

    protected void createSingleKeyView(KeyStore keyStore, String str, char[] cArr) {
        try {
            this.ks = KeyStoreHelper.getInstance("JKS");
            this.ks.load(null);
            this.ks.setKeyEntry(AbstractX509Credential.ALIAS, keyStore.getKey(str, cArr), KEY_PASSWD, keyStore.getCertificateChain(str));
        } catch (Exception e) {
            throw new RuntimeException("Got error when loading data from the correct original keystore - this is most probably a bug", e);
        }
    }

    public static String autodetectType(String str, char[] cArr) throws IOException, KeyStoreException {
        File file = new File(str);
        if (!file.exists()) {
            throw new FileNotFoundException("Keystore file " + str + " does not exist");
        }
        if (!file.isFile()) {
            throw new IOException("Keystore specified with " + str + " is not a file (is directory?)");
        }
        if (!file.canRead()) {
            throw new IOException("Keystore specified with " + str + " is not readable");
        }
        String str2 = (str.endsWith("p12") || str.endsWith("pkcs") || str.endsWith("pkcs12")) ? "PKCS12" : "JKS";
        if (tryLoadKs(str2, str, cArr)) {
            return str2;
        }
        String str3 = str2.equals("JKS") ? "PKCS12" : "JKS";
        if (tryLoadKs(str3, str, cArr)) {
            return str3;
        }
        throw new KeyStoreException("Autodetection of keystore type failed. Most probably it is not a valid JKS or PKCS12 file.");
    }

    private static boolean tryLoadKs(String str, String str2, char[] cArr) {
        BufferedInputStream bufferedInputStream = null;
        try {
            try {
                KeyStore keyStoreHelper = KeyStoreHelper.getInstance(str);
                bufferedInputStream = new BufferedInputStream(new FileInputStream(str2));
                keyStoreHelper.load(bufferedInputStream, cArr);
                if (bufferedInputStream == null) {
                    return true;
                }
                try {
                    bufferedInputStream.close();
                    return true;
                } catch (IOException e) {
                    return true;
                }
            } catch (IOException e2) {
                if (e2.getCause() == null || !(e2.getCause() instanceof UnrecoverableKeyException)) {
                    if (bufferedInputStream != null) {
                        try {
                            bufferedInputStream.close();
                        } catch (IOException e3) {
                        }
                    }
                    return false;
                }
                if (bufferedInputStream != null) {
                    try {
                        bufferedInputStream.close();
                    } catch (IOException e4) {
                    }
                }
                return true;
            } catch (Exception e5) {
                if (bufferedInputStream != null) {
                    try {
                        bufferedInputStream.close();
                    } catch (IOException e6) {
                    }
                }
                return false;
            }
        } catch (Throwable th) {
            if (bufferedInputStream != null) {
                try {
                    bufferedInputStream.close();
                } catch (IOException e7) {
                }
            }
            throw th;
        }
    }
}
